Make pid namespace sharing optional and disabled by default

We reverse the logic so that pid ns sharing is disabled by default. Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-11-17 16:52:06 -08:00 · 2017-11-17 16:52:06 -08:00 · 946307e5c2
commit 946307e5c2
parent e23723d62e
8 changed files with 17 additions and 17 deletions
--- a/cmd/crio/config.go
+++ b/cmd/crio/config.go
@ -115,8 +115,8 @@ default_mounts = [
 # pids_limit is the number of processes allowed in a container
 pids_limit = {{ .PidsLimit }}

-# disable using a shared PID namespace for containers in a pod
-disable_shared_pid_namespace = {{ .DisableSharedPIDNamespace }}
+# enable using a shared PID namespace for containers in a pod
+enable_shared_pid_namespace = {{ .EnableSharedPIDNamespace }}

 # log_size_max is the max limit for the container log size in bytes.
 # Negative values indicate that no limit is imposed.
--- a/cmd/crio/main.go
+++ b/cmd/crio/main.go
@ -132,8 +132,8 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
 	if ctx.GlobalIsSet("pids-limit") {
 		config.PidsLimit = ctx.GlobalInt64("pids-limit")
 	}
-	if ctx.GlobalIsSet("disable-shared-pid-namespace") {
-		config.DisableSharedPIDNamespace = ctx.GlobalBool("disable-shared-pid-namespace")
+	if ctx.GlobalIsSet("enable-shared-pid-namespace") {
+		config.EnableSharedPIDNamespace = ctx.GlobalBool("enable-shared-pid-namespace")
 	}
 	if ctx.GlobalIsSet("log-size-max") {
 		config.LogSizeMax = ctx.GlobalInt64("log-size-max")
@ -301,8 +301,8 @@ func main() {
 			Usage: "maximum number of processes allowed in a container",
 		},
 		cli.BoolFlag{
-			Name:  "disable-shared-pid-namespace",
-			Usage: "disable using a shared PID namespace for containers in a pod",
+			Name:  "enable-shared-pid-namespace",
+			Usage: "enable using a shared PID namespace for containers in a pod",
 		},
 		cli.Int64Flag{
 			Name:  "log-size-max",